Auth & local state
How the MCP server reads credentials and where its on-disk state lives.
The Asomium MCP server is stateless across runs — every credential
is read fresh from your macOS Keychain, and the small amount of state
the server does keep (tracking, snapshots, counters) lives in plain
JSON files under ~/Library/Application Support/ReleaseKit/.
Credentials flow
When the MCP server starts up, it does two things:
- Reads the handoff file at ~/Library/Application Support/ReleaseKit/com.mariopek.releasekit/mcp-handoff.json to learn which workspace it should authenticate as. The Mac app writes this file the first time you enable MCP access in Settings → AI Integration.
- Reads the ASC API key from the per-workspace Keychain entry pointed to by the handoff. Both the GUI and the MCP process share the same Keychain entry — they run as the same user, so plain POSIX file permissions are enough; no entitlement gymnastics required.
For one-off CLI invocations (testing locally, scripted runs without the Mac app open), env vars override the handoff path:
- ASOMIUM_ASC_KEY_ID
- ASOMIUM_ASC_ISSUER_ID
- ASOMIUM_ASC_KEY_PEM (inline) or ASOMIUM_ASC_KEY_PEM_PATH (file path)
Anthropic credentials
How translation reaches Claude depends on your subscription tier:
- BYO — the MCP server reads your Anthropic key from the same Keychain entry the Mac app uses (or ASOMIUM_ANTHROPIC_API_KEY env var). Your Anthropic account is billed for each translate_field call.
- Pro Monthly / Annual — translations route through Asomium’s managed AI account. You don’t supply an Anthropic key; the MCP server uses team credentials and decrements your monthly token bucket. A future quota handoff file lets the Mac app pass the remaining token count to MCP for client-side enforcement.
Nothing goes anywhere else
- The AI client (Claude, Cursor, etc.) never sees your ASC .p8 key — only the structured JSON results of MCP tool calls.
- The MCP process never writes credentials to disk; it reads them fresh from Keychain each session.
- Network traffic from the MCP server hits exactly three destinations: Apple (App Store Connect API + iTunes Search), Anthropic (translate_field only), and — for Pro tiers — RevenueCat for subscription state. Nothing else.
MCP-owned on-disk state
The server keeps these files under
~/Library/Application Support/ReleaseKit/com.mariopek.releasekit/:
| File | What it stores | Written by |
|---|---|---|
| mcp-handoff.json | Active workspace identifier | Mac app |
| mcp-build-configs.json | Per-app Xcode project / scheme / platform for build_and_ship | Mac app (mirrored from BuildConfigStore) |
| keyword-tracking.json | Tracked keywords + rank-snapshot history | MCP (track_keyword, refresh_tracked_ranks) |
| snapshots/<bundleId>/*.json | Saved metadata snapshots for diff_metadata | MCP (snapshot_metadata) |
| usage-counter.json | Current-month translate-call counter | MCP (translate_field increments) |
All files use 0600 POSIX permissions — readable only by your user account. The Mac app and MCP server both run as you, so no shared group or App Group is needed.
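To check both claims on your own machine (every state file is 0600, and no credential is ever written to disk), the following audit script walks the state directory and reports deviations. It is an added example, not part of Asomium; the function name, the finding strings and the marker list are assumptions chosen for illustration.

```python
import os
import stat
from pathlib import Path

# State directory as given on this page; only used when run as a script.
STATE_DIR = "~/Library/Application Support/ReleaseKit/com.mariopek.releasekit"

# Byte strings that would indicate key material on disk (assumed marker list):
# "PRIVATE KEY-----" is the tail of a PEM header such as the one in an ASC .p8
# key, and "sk-ant-" is the prefix Anthropic API keys start with.
SECRET_MARKERS = (b"PRIVATE KEY-----", b"sk-ant-")


def audit_state_dir(root):
    """Return sorted (relative_path, problem) findings for files under root."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = str(path.relative_to(root))
            st = path.lstat()  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                findings.append((rel, "not a regular file"))
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:  # any group or other permission bit set
                findings.append((rel, f"mode {mode:04o} grants group/other access"))
            if st.st_uid != os.getuid():
                findings.append((rel, "owned by another user"))
            data = path.read_bytes()
            if any(marker in data for marker in SECRET_MARKERS):
                findings.append((rel, "contains key material"))
    return sorted(findings)


if __name__ == "__main__":
    for rel, problem in audit_state_dir(os.path.expanduser(STATE_DIR)):
        print(f"{rel}: {problem}")
```

An empty result means every file under the directory is a regular file owned by you, has no group or other permission bits, and contains none of the listed markers.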
Concurrency
The MCP server doesn’t lock the Keychain or these JSON files — macOS
serialises access at the filesystem layer, and the JSON writes are
atomic (Data.write(options: [.atomic])). The Mac app polls ASC every
30 seconds, so any change made through MCP appears in the GUI on the
next poll without manual refresh.
Multiple machines
Each machine has its own Asomium install with its own Keychain entries and its own local JSON files. Subscription state syncs cross-device via your Apple ID (Apple StoreKit + RevenueCat), but per-machine state — tracked keywords, saved snapshots, build configs — stays local. If you want any of that to sync, file an issue.
Disconnecting
To revoke MCP access without uninstalling:
- Open Asomium → Settings → AI Integration.
- Click Disconnect — the handoff file is deleted; MCP can no longer authenticate as your workspace.
- Reconnect at any time to re-enable.